package com.nicolas.web;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class HttpBasicAuthFilter implements Filter {

	public void destroy() {

	}

	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse)res;
		HttpSession session = request.getSession();
		String user = (String) session.getAttribute("user");
		String pass;
		if (user == null) {
			try {
				response.setCharacterEncoding("UTF-8");
				PrintWriter out = response.getWriter();
				String authorization = request.getHeader("authorization");
				if (authorization == null || authorization.equals("")) {
					response.setStatus(401);
					response.setHeader("WWW-authenticate",
							"Basic realm=\"请输入管理员密码\"");
					out.print("对不起你没有权限！！");
					return;
				}
				String userAndPass ="111:111";
//				newString(newBASE64Decoder().decodeBuffer(
//						authorization.split(" ")[1]));
				if (userAndPass.split(":").length < 2) {
					response.setStatus(401);
					response.setHeader("WWW-authenticate",
							"Basic realm=\"请输入管理员密码\"");
					out.print("对不起你没有权限！！");
					return;
				}
				user = userAndPass.split(":")[0];
				pass = userAndPass.split(":")[1];
				if (user.equals("111") && pass.equals("111")) {
					session.setAttribute("user", user);
					RequestDispatcher dispatcher = request
							.getRequestDispatcher("admin.html");
					dispatcher.forward(request, response);
				} else {
					response.setStatus(401);
					response.setHeader("WWW-authenticate",
							"Basic realm=\"请输入管理员密码\"");
					out.print("对不起你没有权限！！");
					return;
				}
			} catch (Exception ex) {
				ex.printStackTrace();
			}
		} else {
			RequestDispatcher dispatcher = request
					.getRequestDispatcher("admin.html");
			dispatcher.forward(request, response);
		}

	}

	public void init(FilterConfig arg0) throws ServletException {

	}

}
